﻿using IdentityModel;
using IdentityServer4;
using IdentityServer4.Models;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace SX.AuthServer
{
    public class Config
    {

        public static IEnumerable<IdentityResource> IdentityResources =>
            new IdentityResource[]
            {
                new IdentityResources.OpenId(),
                new IdentityResources.Profile()
            };

        // v4新增
        public static IEnumerable<ApiScope> ApiScopes =>
            new ApiScope[] {
                 new ApiScope("SX.BaseService.API"),
                 new ApiScope("SX.ProductService.API")
                  
            };

        public static IEnumerable<ApiResource> ApiResources =>
            new ApiResource[]
            {
                new ApiResource("SX.BaseService.API", "基础服务API")
                {
                    //v4新增
                    Scopes = { "SX.BaseService.API" },
                    ApiSecrets = new List<Secret>()
                    {
                        new Secret("123456".Sha256())
                    }
                },
                 new ApiResource("SX.ProductService.API", "商品服务API")
                {
                    //v4新增
                    Scopes = { "SX.ProductService.API" },
                    ApiSecrets = new List<Secret>()
                    {
                        new Secret("123456".Sha256())
                    }
                }              
            };


        public static IEnumerable<Client> GetClients(AppSettings appSettings) =>
          new Client[]
          {
                //swagger-BaseService
                new Client
                {
                    ClientId = "SX.BaseService.API",
                    ClientName = "基础服务后端api认证",
                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowAccessTokensViaBrowser = true,
                    AccessTokenLifetime = 3600 * 1,
                    RedirectUris =
                    {
                        "http://localhost:8001/swagger/oauth2-redirect.html",
                        //这里加上网关的地址，这样在网关swagger中就可以进行跳转到登录页面进行授权
                         "http://localhost:5001/swagger/oauth2-redirect.html",
                    },

                    PostLogoutRedirectUris =
                    {
                        $"http://localhost:8001",
                    },
                    AllowedScopes =
                    {
                        "SX.BaseService.API"
                    }
                },
                //swagger-ProductService
                new Client
                {
                    ClientId = "SX.ProductService.API",
                    ClientName = "产品服务后端api认证",
                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowAccessTokensViaBrowser = true,
                    AccessTokenLifetime = 3600 * 1,
                    RedirectUris =
                    {
                        "http://localhost:8002/swagger/oauth2-redirect.html",
                         //这里加上网关的地址，这样在网关swagger中就可以进行跳转到登录页面进行授权
                         "http://localhost:5001/swagger/oauth2-redirect.html",
                    },

                    PostLogoutRedirectUris =
                    {
                        $"http://localhost:8002"
                    },
                    AllowedScopes =
                    {
                        "SX.ProductService.API"
                    }
                },
                ////用于服务间内部通信,可以请求http://localhost:5000/connect/token获取token，然后向别的服务发起请求
                //new Client
                //{
                //    ClientId = "test",
                //    ClientName = "测试客户端",
                //    AllowedGrantTypes = GrantTypes.ResourceOwnerPasswordAndClientCredentials,
                //    AllowOfflineAccess=true,
                //    RequireClientSecret = false,
                //    AllowedScopes =
                //    {
                //        IdentityServerConstants.StandardScopes.OpenId,
                //        IdentityServerConstants.StandardScopes.Profile,
                //        "SX.BaseService.API"
                //    }
                //},
                ////客户端授权模式
                //new Client
                //{
                //    ClientId = "test2",
                //    ClientName = "测试客户端2",
                //    AllowedGrantTypes = GrantTypes.ClientCredentials,
                //    AllowOfflineAccess=true,
                //    RequireClientSecret = false,
                //    //这里token过期时间可以设置长一点，第一次通过http请求获取到token存入缓存，并把过期时间设置为比当前小一点，这样就可以使用这个token进行服务内部通信，不用多次请求token
                //    AccessTokenLifetime=3600*12,//12小时
                //    AllowedScopes =
                //    {
                //        "SX.BaseService.API"
                //    }
                //},
                new Client
                {
                    ClientId = "admin.ui",
                    ClientName = "admin前端",
                    AllowedGrantTypes = GrantTypes.Implicit,
                    //ClientSecrets = new []{ new Secret(appSettings.AdminUI.Secret.Sha256()) },
                    RequireConsent = false, //同意
                    AllowAccessTokensViaBrowser = true,
                    AccessTokenLifetime = appSettings.AdminUI.AccessTokenLifetime, //2小时 = 3600 * 2
                    //SlidingRefreshTokenLifetime = 3600 * 24, //1天 = 3600 * 24
                    //AllowOfflineAccess = true,
                    //AlwaysIncludeUserClaimsInIdToken = true,
                    RedirectUris = appSettings.AdminUI.RedirectUris,
                    PostLogoutRedirectUris = appSettings.AdminUI.PostLogoutRedirectUris,
                     AllowedCorsOrigins = appSettings.CorUrls,
                    
                    AllowedScopes =
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        "SX.BaseService.API"
                    }
                }
          };

    }

  
}
